General
Target: NEAS.7f5ff5ef22204eeef998ffa38001d0e0.exe
Size: 764KB
Sample: 231024-zql2fshf44
MD5: 7f5ff5ef22204eeef998ffa38001d0e0
SHA1: 4c4c2b76007039062ad25dd44601b3d318de886a
SHA256: d3141d6f1c8e9ffc38e1f50bfbb6a98b12cfb3928b385d08a3432a11a9eec78d
SHA512: 0e5a7fe1344b7271fc841ba05b4475512940600b9f3abef57e965e03b292f18ecd880ca92e49569dc71569edbc3099500ac8b08544c13cc73e3e2efbea9625a4
SSDEEP: 12288:jMrwy90m37OBao9VwaSdAWapD9r+IfGay0rtVkuHSHfBWdf12uLNNqIjPna:fy5cV4JC+I+ayyVLHSHo9LNAMPna
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.7f5ff5ef22204eeef998ffa38001d0e0.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.7f5ff5ef22204eeef998ffa38001d0e0.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: redline
Botnet: duha
C2: 83.97.73.129:19068
Attributes
auth_value: aafe99874c3b8854069470882e00246c
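The extracted config above is the part of this report a defender acts on first: the C2 host and port are network IOCs, and the auth_value is a per-build token that is useful for clustering samples from the same RedLine build. The following is an added example, not part of the Triage report or of any RedLine tooling: it parses the flattened "Extracted" block (assuming the family / botnet / C2 / attribute layout shown above) and hunts for the C2 in Zeek-style conn.log rows. The conn.log rows are constructed for the demonstration and are not real traffic.

```python
#!/usr/bin/env python3
"""Added example (not from the Triage report): turn the extracted RedLine
config into network IOCs and hunt for them in Zeek-style conn.log lines.
The log rows below are constructed for the demonstration, not real traffic."""
from dataclasses import dataclass

# The config block exactly as the report lists it: family, botnet, C2, then
# attribute name/value pairs. This layout is an assumption of the example.
EXTRACTED_CONFIG = """\
redline
duha
83.97.73.129:19068
auth_value
aafe99874c3b8854069470882e00246c
"""


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_config(text: str) -> RedLineConfig:
    """Parse the flattened 'Extracted' block (assumed layout, see above)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("config block too short")
    family, botnet, c2 = lines[:3]
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"C2 is not host:port: {c2!r}")
    # Remaining lines alternate attribute name, attribute value.
    attrs = dict(zip(lines[3::2], lines[4::2]))
    return RedLineConfig(family, botnet, host, int(port), attrs.get("auth_value", ""))


# Constructed Zeek conn.log rows (tab separated): ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto. Two rows touch the C2 host.
SAMPLE_CONN_LOG = """\
1698140000.1\tC1a\t10.0.0.21\t49712\t83.97.73.129\t19068\ttcp
1698140001.4\tC1b\t10.0.0.21\t49713\t142.250.74.78\t443\ttcp
1698140002.9\tC1c\t10.0.0.35\t51002\t83.97.73.129\t443\ttcp
1698140003.2\tC1d\t10.0.0.35\t51003\t8.8.8.8\t53\tudp
"""


def hunt_conn_log(cfg: RedLineConfig, conn_log: str) -> list[dict]:
    """Return one hit per connection to the C2 host.

    An exact host:port match is 'high' confidence; the same host on another
    port is 'medium' (worth a look, but weaker evidence on its own)."""
    hits = []
    for row in conn_log.splitlines():
        if not row.strip():
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = row.split("\t")
        if resp_h != cfg.c2_host:
            continue
        confidence = "high" if int(resp_p) == cfg.c2_port else "medium"
        hits.append({
            "uid": uid,
            "src": orig_h,
            "dst": f"{resp_h}:{resp_p}",
            "proto": proto,
            "confidence": confidence,
            "botnet": cfg.botnet,
            "auth_value": cfg.auth_value,
        })
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for hit in hunt_conn_log(cfg, SAMPLE_CONN_LOG):
        print(hit)
```

Each hit carries the botnet name and auth_value so that, when several samples are triaged, connections can be grouped by build rather than only by IP. Blocking the IP:port pair alone is the weakest response; the auth_value and botnet name are what let you tie later samples to the same operator.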
Targets
Target: NEAS.7f5ff5ef22204eeef998ffa38001d0e0.exe (764KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (typical of process hollowing / thread-context injection)
MITRE ATT&CK Matrix (ATT&CK v13); the number after each entry is the count of matching signatures
Persistence
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
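The signature list and the ATT&CK matrix above describe host behaviour (dropped EXE/DLL execution, a Run key, a service entry) that a defender would want to re-find in endpoint telemetry. The following is an added example, not part of the Triage report: it maps those signatures to the ATT&CK v13 technique IDs and applies simple matching to Sysmon-style events. The events, paths and process names (stage2.exe, helper.dll, the "updater" Run value, the user "bob") are constructed and hypothetical, not artefacts observed from this sample.

```python
#!/usr/bin/env python3
"""Added example (not from the Triage report): map the report's behavioural
signatures to ATT&CK v13 techniques and apply them to Sysmon-style events.
Every event below is constructed; the file names and registry values in
them are hypothetical, not observed artefacts of the sample."""
import re

# ATT&CK v13 IDs for the two rows the report's matrix lists.
TECHNIQUES = {
    "Registry Run Keys / Startup Folder": "T1547.001",
    "Windows Service": "T1543.003",
}

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
# Locations a dropper typically writes to before executing its payload.
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData|ProgramData|Users\\Public)\\", re.I)


def classify(event: dict) -> list[dict]:
    """Return zero or more findings for one Sysmon-style event.

    Sysmon event IDs used: 1 = process create, 7 = image load,
    13 = registry value set."""
    eid = event["EventID"]
    findings = []
    target = event.get("TargetObject", "")
    if eid == 13 and RUN_KEY_RE.search(target):
        findings.append({"signature": "Adds Run key to start application",
                         "technique": TECHNIQUES["Registry Run Keys / Startup Folder"],
                         "evidence": target})
    if eid == 13 and SERVICE_KEY_RE.search(target):
        findings.append({"signature": "Creates or modifies a Windows service",
                         "technique": TECHNIQUES["Windows Service"],
                         "evidence": target})
    if eid == 1 and USER_WRITABLE_RE.search(event.get("Image", "")):
        findings.append({"signature": "Executes dropped EXE",
                         "technique": None,   # not mapped in the report's matrix
                         "evidence": event["Image"]})
    if eid == 7 and USER_WRITABLE_RE.search(event.get("ImageLoaded", "")):
        findings.append({"signature": "Loads dropped DLL",
                         "technique": None,   # not mapped in the report's matrix
                         "evidence": event["ImageLoaded"]})
    return findings


def hunt(events: list[dict]) -> list[dict]:
    """Run classify() over an event stream and flatten the findings."""
    return [finding for event in events for finding in classify(event)]


# Constructed events (hypothetical names; not artefacts from the report).
SAMPLE_EVENTS = [
    # Initial sample launched by the user: not a dropped file, so no finding.
    {"EventID": 1,
     "Image": r"C:\Users\bob\Downloads\NEAS.7f5ff5ef22204eeef998ffa38001d0e0.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Second stage executed from Temp.
    {"EventID": 1,
     "Image": r"C:\Users\bob\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\bob\Downloads\NEAS.7f5ff5ef22204eeef998ffa38001d0e0.exe"},
    # DLL loaded from the same user-writable location.
    {"EventID": 7,
     "Image": r"C:\Users\bob\AppData\Local\Temp\stage2.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\helper.dll"},
    # Run key written for persistence.
    {"EventID": 13,
     "Image": r"C:\Users\bob\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    # Benign service-parameter write: not an ImagePath, so no finding.
    {"EventID": 13,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Nsi"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

"Suspicious use of SetThreadContext" is deliberately left out: it is an API-level observation from the sandbox's hooking, and Sysmon does not record thread-context changes, so re-finding it on an endpoint needs an EDR that logs that call or a memory scan of the hollowed process rather than an event-log rule.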